5 May, 2026

WIPO Orders Transfer of Unauthorized .store Domain Targeting LEGO Trademark

UDRP Cases

In WIPO case D2026-0752, Danish toy manufacturer LEGO Holding A/S successfully obtained the transfer of the disputed domain legofun.store. The respondent had registered and used the domain to operate an unauthorized digital storefront that displayed official brand imagery to sell LEGO products. Panelist Ian Lowe ordered the domain’s transfer, finding the registration to be a bad-faith commercial exploitation of the famous trademark.

Case Snapshot

Case Number D2026-0752
Complainant LEGO Holding A/S
Respondent amen 01, fercus
Disputed Domain
legofun.store
Threat Tactic Fake Stores
Decision Date 2026-04-10
Panelist Ian Lowe
OutcomeTransfer
Official Source https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2026-0752

DTC Channel Dilution and Market Entry Risks in Retail-Specific TLDs

When established brand owners expand their presence or attempt to secure direct-to-consumer digital channels in retail-focused top-level domains, they face persistent exposure to unauthorized registrations. The registration of legofun.store by a third-party operator exemplifies how bad-faith actors target famous trademarks using descriptive keywords within commerce-oriented TLDs like .store. By launching a digital storefront branded as ‘LegoFun’ that featured official product imagery, the operator positioned itself to capture organic consumer search traffic. This unauthorized market entry directly dilutes the brand’s control over its digital distribution channels, potentially diverting consumers who are seeking legitimate retail destinations.

The deployment of copycat digital storefronts using authentic product imagery presents a severe risk to brand equity and customer trust, even when specific transactional damages are undocumented. In this dispute, while the record does not establish whether the items offered were counterfeit or unauthorized parallel imports, the visual mimicry was sufficient to mislead consumers. Furthermore, when bad-faith operators default or ignore formal cease-and-desist communications, the prolonged online presence of these unauthorized sites forces brand owners into reactive legal spend. Failing to swiftly address such retail-specific infringements can result in a loss of digital market share and weaken the distinctiveness of the primary trademark across emerging online retail categories.

Why the Complainant’s Strategy Succeeded and the Evidentiary Foundation of the Case

LEGO Holding A/S’s enforcement strategy succeeded primarily due to proactive evidence preservation before the disputed domain, legofun.store, ceased resolving to an active website. Prior to filing the complaint, the complainant’s representative secured clear proof that the respondent, amen 01, fercus, was operating an unauthorized storefront under the header ‘LegoFun’. This online shop displayed images of official LEGO products and purported to offer a wide range of these products for sale. By presenting this active use evidence to the WIPO Arbitration and Mediation Center, the complainant prevented the respondent from escaping liability through a subsequent transition to passive holding, establishing a clear record of commercial bad faith under paragraph 4(b)(iv) of the Policy.

The complainant’s tactical deployment of cease-and-desist letters in November 2025 also reinforced the legal basis for transfer. The respondent’s failure to reply to these communications, combined with their subsequent default in the administrative proceeding, underscored their lack of rights or legitimate interests. From a brand protection perspective, targeting unauthorized retail-focused domains like .store is essential, as these specific extensions directly target consumers looking to purchase authentic goods. By proving that the respondent failed to satisfy the Oki Data criteria or demonstrate a bona fide offering of goods, the complainant enabled Panelist Ian Lowe to rule that the respondent was merely exploiting the famous LEGO trademark alongside the descriptive suffix ‘fun’ to confuse consumers for commercial gain.

Practical Recommendations

  • Proactively monitor and selectively secure defensive registrations in retail-focused generic Top-Level Domains (gTLDs) such as .store and .shop to protect direct-to-consumer channels from unauthorized storefronts targeting your primary trademark.
  • Systematically archive and preserve comprehensive digital evidence—including screenshots of product listings, pricing, and trademark usage—immediately upon detection to satisfy the Oki Data criteria and prove bad faith in eventual UDRP proceedings.
  • Proceed with filing a formal UDRP complaint even if an infringer deactivates an unauthorized e-commerce site after receiving a cease-and-desist letter, securing a permanent domain transfer to prevent the domain from being reactivated or transferred to another bad-faith actor.
  • Establish an automated brand-monitoring matrix that flags new registrations combining core trademarks with common retail or promotional descriptive terms (such as ‘fun’, ‘outlet’, or ‘deals’) paired with commercial domain extensions.

Frequently Asked Questions (FAQ)

Why was the domain ‘legofun.store’ considered confusingly similar to the LEGO trademark?

The Panelist found that the domain name incorporates the famous LEGO trademark in its entirety, which is sufficient to establish confusing similarity under the UDRP, even with the addition of the descriptive term ‘fun’ and the ‘.store’ TLD.

What evidence proved the respondent had no legitimate rights or interests in the domain?

The respondent failed to satisfy the Oki Data criteria, which require a reseller to accurately disclose their relationship with the brand and not impersonate the trademark holder. The respondent did not reply to the complaint and provided no evidence of a bona fide offering of goods.

How did the panel determine that the respondent acted in bad faith?

The panel concluded that the respondent registered and used the domain in bad faith under paragraph 4(b)(iv) of the Policy by using official LEGO brand imagery on an unauthorized website to deceive consumers and commercially exploit the fame of the LEGO mark.

What is the strategic takeaway regarding the respondent’s decision to stop the website during the proceeding?

The respondent’s choice to cease operations and ignore cease-and-desist letters failed to protect the domain. Under the UDRP, the active display of copycat storefronts remains evidence of bad faith regardless of whether the site is taken down prior to the final decision.

Found a fake shop using your brand?

Retail-focused domains like .store are frequently used to host unauthorized storefronts that dilute your brand equity and confuse consumers. If you have identified a site mirroring your product imagery or e-commerce experience, we can provide a preliminary UDRP eligibility assessment to help you secure the domain.

Request takedown assessment

Contact us
We will find the best solution for your business

    Thank you for your request!
    We will contact you within 5 hours!
    Image
    This site uses cookies to improve your experience. By continuing, you agree to our Privacy Policy.

    Privacy settings

    When you visit websites, they may store or retrieve data in your browser. This storage is often required for basic website functionality. Storage may be used for marketing, analytics and site personalization purposes, such as storing your preferences. Privacy is important to us, so you can disable certain types of storage that may not be necessary for the basic functioning of the website. Blocking categories may affect the performance of the website.

    Manage settings


    Necessary

    Always active

    These cookies are necessary for the website to function and cannot be disabled in our systems. They are usually only set in response to actions you take that constitute a request for services, such as adjusting your privacy settings, logging in, or filling out forms. You can set your browser to block these cookies or notify you about them, but some parts of the site will not work. These cookies do not store any personal information.

    Marketing

    These elements are used to show you advertising that is more relevant to you and your interests. They can also be used to limit the number of ad views and measure the effectiveness of advertising campaigns. Advertising networks usually place them with the permission of the site operator.

    Personalization

    These elements allow the website to remember your choices (such as your username, language or region you are in) and provide enhanced, more personalized features. For example, a website may provide you with local weather forecasts or traffic news by storing data about your current location.

    Analytics

    These elements help the website operator understand how their website works, how visitors interact with the site and whether there may be technical problems. This type of storage usually does not collect information that identifies the visitor.